  • Dells bells on horseback!

      • #2362666
        Microfix
        AskWoody MVP

        Using a Dell device? You may want to read this article:
        Vulnerable Dell driver puts hundreds of millions of systems at risk

        Five flaws in one
        A collection of five flaws, collectively tracked as CVE-2021-21551, has been discovered in DBUtil, a driver that Dell machines install and load during the BIOS update process and is unloaded at the next reboot.

        and from the horse's mouth

        and keep an eye on your Dell updates.

        W10, the itch you simply cannot scratch!
        • This topic was modified 1 week, 6 days ago by Microfix.
        6 users thanked author for this post.
      • #2362828
        Paul T
        AskWoody MVP

        This type of vulnerability is not considered critical because an attacker exploiting it needs to have compromised the computer beforehand.

        If your system is already secure from external threats you need not worry.
        Wait until Dell release an updated driver.

        cheers, Paul

        1 user thanked author for this post.
      • #2362944
        Alex5723
        AskWoody Plus

        Dell has a fix:

        Summary: Dell released an update utility to mitigate a security vulnerability affecting the dbutil_2_3.sys driver packaged with Dell Client firmware update utility packages and tools.

        “Remediation Steps:

        Impacted customers must complete 2 steps as follows:
        Immediately remove the vulnerable dbutil_2_3.sys driver from the affected system using one of the following options from Step 1 below: download and run a utility to remove the driver from the system (Option 1), manually remove the driver from the system (Option 2), or on or after May 10, 2021, utilize one of the Dell notification solutions to run the utility (Option 3).
        As described in Step 2 below, obtain and run the latest firmware update utility package(s), Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable….

        • #2362945
          EricB
          AskWoody Plus

          And before freaking out users should review Dell’s advisory to see if their own system is or is not affected by the issue.

          2 users thanked author for this post.
        • #2362988
          Kirsty
          Manager

          The fix was seen in the link that Microfix posted in the original topic post, above.

      • #2362948
        lmacri
        AskWoody Plus

        Hi Microfix:

        Thanks for the heads up.

        I have a Dell Inspiron 15 5584 with the latest 5583/5584 BIOS v1.12.0 (installed 01-Feb-2021), which is listed as an affected system in Table A of DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver, but I can’t find this dbutil_2_3.sys file in either C:\Windows\Temp or the hidden C:\Users\<myusername>\AppData\Local\Temp.  I don’t know if that’s because this driver file was never created on my system or if it was removed when I recently cleaned all my temp folders with CCleaner (which clears both those temp folders).
        ———-
        Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.928 * Dell BIOS v1.12.0 * Dell SupportAssist v3.8.1.23 * Dell Update v4.1.0 * CCleaner Free Portable 5.79.8704

        • #2362971
          dmt_3904
          AskWoody Plus

          I have a Latitude E5470 that is impacted. Dell’s update instructions make my head spin a bit! I can run this utility, but like lmacri, I don’t see the dbutil file in the Temp folder. Should I run this anyway?

          Step 1: Immediately remove the vulnerable dbutil_2_3.sys driver from the affected system using one of the options below. NOTE: If you are using the Dell System Inventory Agent you must first download the latest available version (2.6.0.0 or greater) here.

          Option 1 (Recommended): Download and run the Dell Security Advisory Update – DSA-2021-088 utility.

          I did see a BIOS update on 4/28/21 – I will install that, I assume it’s updated for this vulnerability.

          And finally, had I not clicked on CODE RED I wouldn’t have known about this – Dell really should be more proactive in notifying customers of vulnerabilities.

           

        • #2363210
          Moonbear
          AskWoody Lounger

          Also in the same boat here, both folders checked and nothing found.

          I wonder if being logged in to the Admin account instead of Standard would make any difference?

          • #2363227
            dmt_3904
            AskWoody Plus

            I don’t think it matters.  An exploit is not likely if by chance the dbutil is there and the remediation will fix the issue.

            From Dell website:

            Q: Could a malicious actor exploit this vulnerability?

            A: A malicious actor would first need to be granted access to your PC, for example through phishing, malware or by you granting remote access. To help protect yourself from malicious actors, never agree to give remote control to your computer to any unsolicited contact (such as from an email or phone call) to fix an issue.
            Dell is not aware of this vulnerability having been exploited by a malicious actor to date.

            Q: Why are there 2 steps in the “Remediation” section of Dell Security Advisory DSA-2021-088?
            A: Step 1 is to immediately remediate this vulnerability. Step 2 is focused on informing you how to install a remediated dbutil driver during your next scheduled firmware update. For each step, Dell is offering different options, and you should choose the option that best matches your circumstances.

            Step 2: To prevent reintroduction of a vulnerable dbutil driver, obtain and run a remediated firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable.

            Now, I ran the BIOS update today but it didn’t work! I don’t know what happened, I ran the BIOS exe, my laptop booted and came up very quickly, too quickly to complete a BIOS update and when I checked, it was the old BIOS. Computer is working. I’ll try again.

            • #2363231
              Moonbear
              AskWoody Lounger

              I just realized I didn’t actually type out all my reply.

              In regards to being signed in to the Admin account versus the Standard User account, I was thinking in terms of needing to be signed in as Admin to see that account’s temp files.

              But after seeing the post below by @Mele20 I don’t think I need to worry since I’ve never touched the BIOS on this system.

      • #2363011
        anonymous
        Guest

        I have a Dell Inspiron 15 5593 laptop which is on the list of affected systems in Table A.

        When I ran the Dell utility recommended in Step 1 Option 1 it reported that the dbutil 2.3 driver was not found on my laptop.

        So just because your Dell PC is listed in Table A it doesn’t always mean that your system has the dodgy driver (also see lmacri’s post above).

        2 users thanked author for this post.
      • #2363052
        RetiredGeek
        AskWoody MVP

        Hey Y’all,

        Here’s a little PS utility that will do the work for you.

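        Function Remove-ProblemFile {

          Param (
            [Parameter(Mandatory=$True)]
            [AllowNull()]
            [Object] $BadFile
          )

          # Get-ChildItem returns nothing when the file is absent, so there is nothing to do
          If ($Null -ne $BadFile) {
            Try {
                   # -ErrorAction Stop makes a failed delete a terminating error, so the
                   # Catch block runs and the counter is only incremented on success
                   Remove-Item -Path $($BadFile.FullName) -Force -ErrorAction Stop
                   "$($BadFile.FullName) removed successfully"
                   $Script:FileCnt += 1
            }
            Catch {
                   "$($BadFile.FullName) removal unsuccessful"
            }
          }

        } #End Function Remove-ProblemFile

        Clear-Host

        $FName   = "dbutil_2_3.sys"
        $FileCnt = 0

        # First location: the Temp folder of the currently signed-in user
        $GCIArgs = @{Path = "C:\Users\$($env:USERNAME)\AppData\Local\Temp"
                     File = $True
                     Filter = $FName}

        Remove-ProblemFile -BadFile (Get-ChildItem @GCIArgs)

        # Second location: the system-wide Temp folder
        $GCIArgs.Path = "C:\Windows\Temp"

        Remove-ProblemFile -BadFile (Get-ChildItem @GCIArgs)

        "$FileCnt file(s) removed."
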

        HTH 😎

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!
        Computer Specs
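
The script above looks only in the signed-in user's Temp folder and in C:\Windows\Temp, which is the gap behind the Admin-versus-Standard question earlier in the thread. The following read-only audit is an added example, not part of the original posts or of Dell's utility; it assumes an elevated PowerShell session and reuses only the file name and the two Temp locations named in the thread.

```powershell
# Added example: read-only audit for dbutil_2_3.sys. Nothing is deleted.
# Assumption: run from an elevated session so other users' profiles are readable.
$FName = 'dbutil_2_3.sys'

# C:\Windows\Temp plus AppData\Local\Temp of every non-system profile,
# not just the account that happens to be signed in.
$ProfileTemps = @(Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath } |
    ForEach-Object { Join-Path $_.LocalPath 'AppData\Local\Temp' } |
    Where-Object { Test-Path -LiteralPath $_ })
$SearchPaths = @(Join-Path $env:SystemRoot 'Temp') + $ProfileTemps

# Look for the file in each folder; unreadable folders are reported, not hidden.
$Found = @(foreach ($Dir in $SearchPaths) {
    Try {
        Get-ChildItem -LiteralPath $Dir -Filter $FName -File -Force -ErrorAction Stop |
            Select-Object FullName, Length, LastWriteTime
    }
    Catch {
        Write-Warning "Could not read ${Dir}: $($_.Exception.Message)"
    }
})

# Separate question from "is the file on disk": does any registered
# kernel-driver service still point at that file name?
$Drivers = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$FName*" } |
    Select-Object Name, State, StartMode, PathName)

if ($Found.Count -gt 0) {
    "Found $($Found.Count) copy/copies of ${FName}:"
    $Found | Format-Table -AutoSize
} else {
    "No $FName found in $($SearchPaths.Count) Temp folder(s)."
}

if ($Drivers.Count -gt 0) {
    "Driver service(s) referencing ${FName}:"
    $Drivers | Format-List
} else {
    "No driver service references $FName."
}
```

A clean result here matches what several posters saw with Dell's utility: a model listed in Table A does not necessarily have the driver file present.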

      • #2363229
        Mele20
        AskWoody Lounger

        My Dell XPS 8930 (3.5 years old) is NOT affected because I don’t have that driver because I never update BIOS unless absolutely necessary and, generally, it is NOT necessary during the life of a computer.

        A lot of home users do not have a UPS and, unless you do, should NEVER update BIOS. It’s way too risky without any power supply backup if needed.

        My Dell is on the list but I won’t be flashing the BIOS (even though my Dell is connected to my UPS).

        1 user thanked author for this post.
      • #2363487
        lmacri
        AskWoody Plus

        Hi Microfix:

        Dell SupportAssist v3.9.0 delivered an update today (08-May-2021) for “Dell Security Advisory Update – DSA-2021-088” so I assume I’m patched now for the DBUtil driver vulnerability described in DSA-2021-088: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell dbutil Driver.
        ———-
        Dell Inspiron 15 5584 * 64-bit Win 10 Pro v20H2 build 19042.928 * Dell BIOS v1.12.0 * Dell SupportAssist v3.9.0.234 * Dell Update v4.1.0
